Regulators are lagging behind banks in AI adoption. The fix lies not in better models, but in better rulebooks. That’s according to Rohini Gupta, CEO of FinregE.
In the high-stakes arena of financial supervision, a quiet asymmetry is widening. While the firms under scrutiny are “weaponising artificial intelligence” for trading, credit decisioning and fraud detection, the watchdogs tasked with restraining them are barely in the game.
Recent data from the Cambridge Centre for Alternative Finance (CCAF), part of the University of Cambridge’s Judge Business School, quantifies a supervisory gap that threatens to become a significant risk. Just 2% of regulators globally describe themselves as being at the most advanced stage of AI adoption, with 18% at the scaling phase. By contrast, 40% of the financial institutions they oversee are already scaling or transforming their operations with the technology (14% in the transforming category and 26% in the transforming stage).
This disparity is not merely a matter of bureaucratic inertia. Regulators operate under constraints that commercial firms do not. Public accountability demands a higher bar for evidence; procurement processes are more rigorous; and the consequences of an algorithmic error in a supervisory context are categorically different from those in a commercial setting. A hallucination in a trading algorithm costs money; a hallucination in a regulatory enforcement action costs legitimacy. Consequently, the pace of regulatory AI adoption is not a failure of ambition, but a reflection of higher standards.
However, the CCAF’s 2026 report suggests that caution alone does not explain the lag. The deeper issue is architectural. Conversations about regulatory AI often fixate on the tools, so the large language models and analytics platforms. Yet regulators furthest ahead have learned a harder lesson: AI is only as good as the infrastructure it sits on top of.
Most regulatory content was produced for a different era. Handbooks, sourcebooks and guidance were designed to be read by lawyers, published as static PDFs and updated through periodic amendments. They were never intended to be consumed by machines, queried programmatically or navigated as a knowledge graph. A regulator deploying an AI horizon-scanning tool on top of unstructured content will find its capability constrained not by the intelligence of the model, but by the opacity of the text. Before a regulator can ask an AI what the rules say, the rules must be structured in a way that AI can actually read.
The significance of this shift extends beyond searchability. It addresses the critical issue of trust. One of the reasonable concerns regarding AI adoption is whether tools have been tested in environments where accuracy and auditability are non-negotiable. Proof-of-concept pilots are not the same as production deployment at scale. Our own platform, for instance, has been running AI in production for more than eight years in live regulatory environments. This operational track record demonstrates that guardrails have been built from experience rather than assumption. And the platform supports structured, explainable AI grounded in trusted regulatory source content, rather than probabilistic reconstruction.
Based on this sort of work, a blueprint for “regulator-grade” digital infrastructure is arguably emerging. And it effectively consists of five building blocks.
Rulebooks must be machine-readable, structured as data rather than documents.
A formal taxonomy must map how provisions relate and how obligations trace to the source.
Public access must be dynamic, replacing static PDFs with interfaces that reduce the burden of navigation for firms.
AI applications must be explainable, built on top of structured content to ensure answers are traceable.
Internal operational tooling must support workflows like consultation analysis and supervision triage.
The sequence of implementation matters less than the foundation. A regulator beginning with internal AI tools will reach a ceiling without structured content beneath it. Conversely, investing in infrastructure compounds value; a public access rebuild unlocks AI capability faster than expected.
Arguably. the Cambridge data reflects a structural reality, not a failure of will. Regulators have moved cautiously because the standards for public accountability are higher. The opportunity now is to match those standards with trustworthy infrastructure built for them.
The AI gap is real, but the path to closing it is not another strategy paper or a procurement of off-the-shelf tools. It requires a partnership with organisations that understand that the future of regulation is not just intelligent, but structured.
To police the algorithms of the future, regulators must first digitise the rules of the present.
FinregE was selected by the UK’s Financial Conduct Authority (FCA) as the preferred vendor to host and manage its official Handbook Website.
In October 2025, FinregE delivered a next-generation platform that reimagines how the FCA Handbook is structured and experienced by organisations. The result is a smarter, faster and more intuitive digital environment, designed to make regulatory content easier to consume, interpret and apply in practice.
This marks a significant milestone for FinregE, as the company takes on the responsibility for hosting, publishing, and managing content for one of the world’s most respected financial regulators, bringing alive our shared vision for smarter and more accessible regulation, helping those who rely on the Handbook every day.
